Wireshark Multiple Denial Of Service Vulnerabilities - July 12 (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to multiple denial of service vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to the Wireshark version 1.4.13, 1.6.8 or later, For updates refer to http://www.wireshark.org/download

Insight

- Errors in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors can be exploited to cause infinite loops via specially crafted packets. - An error in the DIAMETER dissector does not properly allocate memory and can be exploited to cause a crash via a specially crafted packet.

Affected

Wireshark versions 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on Windows

References

http://secunia.com/advisories/49226/
http://www.wireshark.org/security/wnpa-sec-2012-08.html
http://www.wireshark.org/security/wnpa-sec-2012-09.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2392, CVE-2012-2393, CVE-2012-3825, CVE-2012-3826

CVSS	Base Score: 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Mac OS X)
MDaemon imap server DoS(2)
Wireshark Multiple Denial of Service Vulnerabilities - July 12 (Windows)
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Linux
PHP 'mbstring.func_overload' DoS Vulnerability

Take action and discover your vulnerabilities